Caddy as a Traefik replacement? #388

Open
opened 2023-01-23 08:24:08 +00:00 by decentral1se · 12 comments
Owner
![image](/attachments/b55f7045-1382-452a-a430-bd8a73624be2) https://dev.to/jhot/caddy-docker-proxy-like-traefik-but-better-565l
decentral1se added the enhancement label 2023-01-23 08:24:08 +00:00
Owner

Things we're currently doing in Traefik which we'd need to work out in Caddy to make it a drop-in replacement:

- OIDC login for arbitrary sites ([example](https://git.coopcloud.tech/coop-cloud/custom-html/src/branch/main/compose.sso.yml))
- HTTP Basic auth for arbitrary sites (no public example)
- Forwarding arbitrary ports ([current list](https://git.coopcloud.tech/coop-cloud/traefik/src/branch/master/traefik.yml.tmpl))

I think that's it?

Also to answer @joenas's question in #coopcloud-tech:

> Also does Caddy not require an email for LE certs?

No! Strongly recommended tho.
Member

I haven't used caddy that much. It feels simpler though based on my memory. I feel like the biggest thing is weighing the cost of the lift to switchover vs the benefit of using something new. We are already using traefik and that shouldn't be understated. Although it's still early days so that shouldn't matter a whole lot. Do we know approx how many operators are using abra in production?

Owner

> Do we know approx how many operators are using abra in production?

No. My rough guess might be about 5-15 organisations and individuals.

> I feel like the biggest thing is weighing the cost of the lift to switchover vs the benefit of using something new.

We could potentially allow both as options, they'd ignore each other's labels.

Unless we can work out a find/replace (maybe using `yq`?), it'd probably take at least 5 minutes minimum per recipe, so around 8 hours to add Caddy support to all recipes.
Member

Adding some resources:

- Reddit thread by caddy author on caddy/traefik: https://www.reddit.com/r/selfhosted/comments/dmve6n/comment/f55nviu/?utm_source=reddit&utm_medium=web2x&context=3
- caddy community post about configuring caddy to use docker containers: https://caddy.community/t/caddy-reverse-proxy-nextcloud-collabora-vaultwarden-with-local-https/12052
- https://github.com/lucaslorentz/caddy-docker-proxy

Owner

> caddy community post about configuring caddy to use docker containers:
> https://caddy.community/t/caddy-reverse-proxy-nextcloud-collabora-vaultwarden-with-local-https/12052

we would probably need the "inversion of configuration" approach using labels that's provided by [`caddy-docker-proxy`](https://github.com/lucaslorentz/caddy-docker-proxy), like we do with Traefik, to preserve the current "don't need to edit a reverse proxy config file every time we add a new app to a server" behaviour. So we'd need to pull anything that looks interesting from that page (e.g. fallback responses like `respond /admin* "The admin panel is disabled, please configure the 'ADMIN_TOKEN' variable to enable it"`) into the docker-label format.
Member

> we would probably need the "inversion of configuration" approach using labels that's provided by caddy-docker-proxy,

Yeah I literally just realized this and added link to their github repo like 2 minutes ago hahaha
Member

ostensibly we could automagically insert caddy labels into recipes using domain variables from config files and just delete the traefik labels in our current recipes. Do you see any issues with that?

Member

I guess compose files can have multiple services so it's a lot of magic to determine which ones need labels so maybe not. I do like that there is less label config in caddy though 🤷‍♀️

Owner

> ostensibly we could automagically insert caddy labels into recipes using domain variables from config files ..

Automating adding labels as far as possible would be great. Almost all recipes have a `...loadbalancer.server.port=` Traefik label on web-accessible services, which could be a good start?

> and just delete the traefik labels in our current recipes. Do you see any issues with that?

Until there's an answer to (at least most of) the so-far missing features in [comment 15327](#issuecomment-15327) then some of us will need to keep on Traefik to some degree.

So having both in some/all recipes, while kinda duplicative, would be a way for folks to try out Caddy sooner while keeping existing stuff working.
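
One way the label automation discussed in this thread could start, as an added example that is not part of any comment or of Co-op Cloud's tooling: it derives the two caddy-docker-proxy labels from a service's Traefik port and `Host` rule, and reports router middlewares (where Traefik attaches Basic auth and OIDC forward auth) for manual review instead of dropping them. The compose data and the `basicauth@file` middleware name are constructed.

```python
import re

# Constructed sample: the shape yq or a YAML parser would return for a recipe's
# compose.yml (labels under deploy, as in swarm recipes). Not a real recipe.
COMPOSE = {
    "services": {
        "app": {"deploy": {"labels": [
            "traefik.enable=true",
            "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80",
            "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)",
            "traefik.http.routers.${STACK_NAME}.middlewares=basicauth@file",
        ]}},
        "db": {"image": "postgres:15"},  # no Traefik labels: left untouched
    }
}

PORT_RE = re.compile(r"^traefik\.http\.services\.[^=]+\.loadbalancer\.server\.port=(\d+)$")
HOST_RE = re.compile(r"^traefik\.http\.routers\.[^=]+\.rule=Host\(`([^`]+)`\)$")
MIDDLEWARE_RE = re.compile(r"^traefik\.http\.routers\.[^=]+\.middlewares=(.+)$")


def caddy_labels(compose):
    """Return ({service: [caddy labels]}, {service: [middlewares needing review]})."""
    converted, review = {}, {}
    for name, svc in compose.get("services", {}).items():
        labels = svc.get("deploy", {}).get("labels", [])
        if isinstance(labels, dict):  # compose also allows the mapping form
            labels = [f"{k}={v}" for k, v in labels.items()]
        port = host = None
        for label in labels:
            if m := PORT_RE.match(label):
                port = m.group(1)
            elif m := HOST_RE.match(label):
                host = m.group(1)
            elif m := MIDDLEWARE_RE.match(label):
                # Auth is attached through middlewares and has no mechanical
                # Caddy equivalent, so it is reported, never silently dropped.
                review.setdefault(name, []).extend(m.group(1).split(","))
        if port and host:  # only web-accessible services get Caddy labels
            converted[name] = [f"caddy={host}",
                               f"caddy.reverse_proxy={{{{upstreams {port}}}}}"]
    return converted, review


if __name__ == "__main__":
    print(caddy_labels(COMPOSE))
```

A service that appears in the review map would be published without its login step if its Traefik labels were simply deleted, so it should stay on Traefik until an equivalent Caddy configuration is in place.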
Owner

[`coop-cloud/caddy`](https://git.coopcloud.tech/coop-cloud/caddy/) is a thing now! 🚀

And I just used it for the first (AFAIK) successful Co-op Cloud caddy deployment (of `federatedwiki`).

Still no ideas about the missing features listed in [comment #1](https://git.coopcloud.tech/coop-cloud/organising/issues/388#issuecomment-15327) but this is a promising start.
Owner

> OIDC login for arbitrary sites

https://caddyserver.com/docs/caddyfile/directives/forward_auth

Member

Caddy is awesome and seems to work great instead of Traefik. All you really need for a basic setup is to deploy the proxy and just add these two labels from OP to the compose.yml of your target application.

I also wanted to disable automatic HTTPS, because in my self-hosting setup there are additional layers between my server and the internet.
In the compose.yml of Caddy it was simply:

```
services:
  app:
    # ...
    deploy:
      labels:
        - "caddy.auto_https=off"
```

Definitely +1 for more Caddy support in recipes!
Reference: coop-cloud/organising#388